1

I have a very sticky search engine (searchinterneat-a.akamaihd.net) hijack in my Firefox browser. My BF already:

  • removed the program,
  • removed all traces in the registry,
  • removed addons,
  • restored default values for search and newtab in the Firefox configuration (about:config)

This fixed the problem for a while, but today it came back. There don't seem to be any entries about it in the registry, there are no suspicious addons, yet when I reset the configuration entries to their default values the immediately get back to the malware when I open a new tab.

Any ideas how to get rid of this? (None of the advices I found so far seem to address my problem proper.) I'd rather not reinstall everything.

Marleen Morisse
  • 31
  • 3
  • 1
    Possible duplicate of [How can I remove malicious spyware, malware, adware, viruses, trojans or rootkits from my PC?](http://superuser.com/questions/100360/how-can-i-remove-malicious-spyware-malware-adware-viruses-trojans-or-rootkit) – Ramhound Dec 05 '15 at 15:19
  • 3
    I don't think it's a duplicate. The advice given there doesn't seem to work here. – Marleen Morisse Dec 05 '15 at 15:21
  • Sure; One of those answers indicate you should delete the Firefox user profile, you have not done this, because your browser is still hijacked. – Ramhound Dec 05 '15 at 15:22
  • The browser profile may have nothing to do with this (see my answer) but if you have not yet done that and choose to do so, make sure you export at least your bookmarks (if you have any). –  Dec 05 '15 at 15:45
  • Did you try adwcleaner? – adgelbfish Dec 08 '15 at 07:33

1 Answers1

0

A search engine hijack may not necessarily be a problem on your computer so the answers in that other question linked in a comment may not help in the format they are specified.

What I mean is that a search engine hijack can be caused by changes to your network router instead of your computer.

See for example this article about a backdoor in a particular Arris router; the author of this article says (in a comment to his article) that criminals from certain country use this type of vulnerabilities to change users DNS (with malicious intent).

To determine whether this is the case you can:

  1. Check if any other browser is similarly hijacked (if it's caused by the router, all browsers would likely behave in the same way).
  2. User a free service such as the F-Secure Router checker or e.g. the trial version of F-Secure Freedome which also protects against router hijack.
Community
  • 1